From 705cfb5016a27366427dd034740652f25335999e Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Fri, 5 Apr 2024 19:24:19 +0300 Subject: [PATCH] Fix empty banner (never set) issue --- data/exploits/psnuffle/pop3.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/data/exploits/psnuffle/pop3.rb b/data/exploits/psnuffle/pop3.rb index 60032ba88036..53e2e180a9a4 100755 --- a/data/exploits/psnuffle/pop3.rb +++ b/data/exploits/psnuffle/pop3.rb @@ -38,6 +38,10 @@ def parse(pkt) case s[:last] when nil # Its the first +OK must include the banner, worst case its just +OK + + # Strip the banner, so that we don't need to do it multiple times + # We can improve the banner by removing the +OK part + s[:banner] = matches.strip s[:info] = matches s[:proto] = "tcp" s[:name] = "pop3" @@ -62,7 +66,7 @@ def parse(pkt) :proof => s[:extra], :status => Metasploit::Model::Login::Status::SUCCESSFUL ) - print_status("Successful POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})") + print_status("Successful POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner]})") # Remove it form the session objects so freeup sessions.delete(s[:session]) @@ -91,7 +95,7 @@ def parse(pkt) :proof => s[:extra], :status => Metasploit::Model::Login::Status::INCORRECT ) - print_status("Invalid POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})") + print_status("Invalid POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner]})") s[:pass]="" end when nil